歡迎大家多多交流!
微軟緊急安全更新 涉及多家大型網站證書
2011-03-23 13:44:27 / 天氣: 冷
/ 心情: 平靜
/ 個人分類:資安
微軟發佈了編號KB2524375的
緊急安全更新,將新近冒出的多個欺騙性數字安全
證書擋在門外,
涉及業內多家大型互聯網站。
微軟在安全公告中表示,隸屬於受信任根證書頒發機構(TRCAS)的Comodo於本月16日通知微軟,有九個安全數字證書是在第三方機構未提供充分身份認證的情況下簽署的,可能會被不法分子通過IE瀏覽器針對網民發動內容欺騙、釣魚攻擊、中間人攻擊(MIMT)等等。……
用戶現在就可以通過
Windows Update自動更新(安裝後無需重啟系統),或者在微軟支持網站上下載,
地址為:
http://support.microsoft.com/?kbid=2524375
QUOTE:
官方資訊
http://www.microsoft.com/technet/security/advisory/2524375.mspx
Microsoft Security Advisory (2524375)
Fraudulent Digital Certificates Could Allow Spoofing
Published: March 23, 2011
Version: 1.0
General Information
Executive Summary
Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.
These certificates affect the following Web properties:
•
login.live.com
•
mail.google.com
•
www.google.com
•
login.yahoo.com (3 certificates)
•
login.skype.com
•
addons.mozilla.org
•
"Global Trustee"
Comodo has revoked these certificates, and they are listed in Comodo’s current Certificate Revocation List (CRL). In addition, browsers which have enabled the Online Certificate Status Protocol (OCSP) will interactively validate these certificates and block them from being used.
An update is available for all supported versions of Windows to help address this issue. For more information about this update, see Microsoft Knowledge Base Article 2524375.
Typically, no action is required of customers to install this update, because the majority of customers have automatic updating enabled and this update will be downloaded and installed automatically. For more information, including how to manually install this update, see the Suggested Actions section of this advisory.
相關閱讀:
- 微軟修補下載所引起的漏洞 (P11052, 2011-1-13)
- 微軟將在2月10號公布IE9最終預覽版 (危軟, 2011-2-01)
- 中國防火牆設計者也翻牆 (X-LAN, 2011-2-18)
- 即時訊息(黑客篇) (魔羯, 2011-2-20)
- MSN通訊個資易外洩 提防受詐騙 (MSN, 2011-3-02)
- 自然人憑證3月21日改版 (SU, 2011-3-15)
- 惡意軟體扮偽裝 攻擊Linux、類Unix 路由器 (PC, 2011-3-15)
- Palo Alto Networks針對企業推出三項新資安方案 (小P, 2011-3-11)
- 高速傳輸卡板故障 桃部分地區巿話110 119無法受理 (X-LAN, 2011-3-19)
- 諾頓360 5.0 電腦防護守門員 (小P, 2011-3-18)
論壇模式
推薦
收藏
等級(4)
編輯
管理
查看(921)
評論(0)
TAG:
微軟
緊急
安全
更新
涉及
證書
資安